AdwCleaner Unable to remove cmwr.sys and cmwf.sys files


  • This topic is locked
18 replies to this topic

#1 txjustin825

Posted 30 January 2015 - 03:16 PM

I am helping a friend who clicked in the "wrong area" and downloaded a whole lot of Trojans, PUPs, etc. I noticed that AdwCleaner could not clean these files, and when I went to delete them manually it showed "The file cmwr.sys is too large for the destination file system." Same with cmwf.sys. Am I infected? Ran Malwarebytes, anti-spyware, RogueKiller - but it froze when it hit cmwr.sys. No luck.

 

Saw your site has been able to help with this!  I have run FRST and attached the FRST.txt and Addition.txt files.  Thanks!!!


#2 txjustin825


Posted 30 January 2015 - 03:23 PM

The files are located on the computer at C:\Windows\System32\drivers\cmwf.sys and C:\Windows\System32\drivers\cmwr.sys



#3 txjustin825


Posted 30 January 2015 - 04:04 PM

FRST file and below that is the Additional.txt file

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Cassandra (administrator) on INSPIRON560 on 30-01-2015 14:05:07
Running from C:\Users\Cassandra\Desktop
Loaded Profiles: Cassandra (Available profiles: Cassandra)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Cassandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\TopTab\explorer-task\explorer-task.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBHelp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1497352 2011-02-21] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [EPSON NX125 NX127 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [cdloader] => C:\Users\Cassandra\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [MusicManager] => C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-13] (Google Inc.)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [Spotify Web Helper] => C:\Users\Cassandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-11] (Spotify Ltd)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [Google Update] => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [explorertask] => C:\PROGRAM FILES (X86)\TOPTAB\EXPLORER-TASK\EXPLORER-TASK.EXE [22016 2014-11-26] ()
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-28] (SUPERAntiSpyware)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-637550786-695466938-1670476771-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=odc278
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc278&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-637550786-695466938-1670476771-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc278&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-637550786-695466938-1670476771-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=odc278
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKLM -> {D29DFD1A-1D5C-43B2-A96D-4A9394F2543D} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {20A4E07C-4323-4D1F-A060-116C013E7C90} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc278&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-637550786-695466938-1670476771-1000 -> {20A4E07C-4323-4D1F-A060-116C013E7C90} URL =
SearchScopes: HKU\S-1-5-21-637550786-695466938-1670476771-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\S-1-5-21-637550786-695466938-1670476771-1000 -> {D29DFD1A-1D5C-43B2-A96D-4A9394F2543D} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  No File
Toolbar: HKU\S-1-5-21-637550786-695466938-1670476771-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-637550786-695466938-1670476771-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Cassandra\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-637550786-695466938-1670476771-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-637550786-695466938-1670476771-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Diccionario en Español para Venezuela - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\es-ve@dictionaries.addons.mozilla.org [2014-05-04]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\iobitascsurfingprotection@iobit.com [2015-01-28]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-16]
FF Extension: Zoom It - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\{769c5117-c89d-0edb-4955-2225d6a83820} [2015-01-29]
FF Extension: WOT - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-01-28]
FF Extension: Tab Preview - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}.xpi [2011-04-24]
FF Extension: deskCut - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}.xpi [2011-04-24]
FF Extension: Adblock Plus - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-28]
FF Extension: Tab Mix Plus - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2015-01-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Google Update) - C:\Users\Cassandra\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-09-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Rage Comics) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigbpmgpdffelbefknlmefjiejgoinao [2013-09-13]
CHR Extension: (YouTube) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-13]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2013-09-13]
CHR Extension: (Google Search) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-13]
CHR Extension: (Cut the Rope) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-09-13]
CHR Extension: (Pathuku) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb [2013-09-13]
CHR Extension: (An Awesome Book!) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcafjdhiidcpdgpdbpnllmpheogojkfl [2013-09-13]
CHR Extension: (Little Alchemy) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-09-13]
CHR Extension: (Webcam Toy) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-09-13]
CHR Extension: (Quick Note) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2013-09-13]
CHR Extension: (Google Wallet) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Lyrics for Google Chrome™) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek [2013-09-13]
CHR Extension: (Sinuous) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl [2013-09-13]
CHR Extension: (Gmail) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-03-05] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
S2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2013-02-02] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-30] ()
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-28] (REALiX™)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2006-10-02] (Padus, Inc.) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-28] ()
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
S1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 14:05 - 2015-01-30 14:05 - 00026339 _____ () C:\Users\Cassandra\Desktop\FRST.txt
2015-01-30 14:04 - 2015-01-30 14:05 - 00000000 ____D () C:\FRST
2015-01-30 14:04 - 2015-01-30 14:04 - 02130432 _____ (Farbar) C:\Users\Cassandra\Desktop\FRST64.exe
2015-01-30 13:39 - 2015-01-30 13:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-30 13:38 - 2015-01-30 13:38 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Cassandra\Downloads\mbar-1.08.3.1004.exe
2015-01-30 13:30 - 2015-01-30 13:33 - 00002454 _____ () C:\Users\Cassandra\Desktop\Rkill.txt
2015-01-30 13:30 - 2015-01-30 13:30 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cassandra\Downloads\rkill.exe
2015-01-30 13:22 - 2015-01-30 13:22 - 02194432 _____ () C:\Users\Cassandra\Downloads\AdwCleaner(1).exe
2015-01-30 13:21 - 2015-01-30 13:21 - 02194432 _____ () C:\Users\Cassandra\Downloads\AdwCleaner.exe
2015-01-30 13:13 - 2015-01-30 13:38 - 00000000 ____D () C:\AdwCleaner
2015-01-30 12:56 - 2015-01-30 13:26 - 00001868 _____ () C:\Windows\PFRO.log
2015-01-30 12:56 - 2015-01-30 13:26 - 00000168 _____ () C:\Windows\setupact.log
2015-01-30 12:56 - 2015-01-30 12:56 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-30 05:26 - 2015-01-30 05:26 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-30 05:26 - 2015-01-30 05:26 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-30 05:25 - 2015-01-30 05:25 - 05325208 _____ (Piriform Ltd) C:\Users\Cassandra\Downloads\ccsetup502.exe
2015-01-29 17:46 - 2015-01-29 17:46 - 00007596 _____ () C:\Users\Cassandra\AppData\Local\Resmon.ResmonCfg
2015-01-29 17:34 - 2015-01-29 17:34 - 00000286 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Cassandra.job
2015-01-28 14:57 - 2015-01-28 14:57 - 00545200 _____ (Sun Microsystems, Inc.) C:\Windows\system32\npdeployJava1.dll
2015-01-28 14:57 - 2015-01-28 14:57 - 00196528 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe
2015-01-28 14:57 - 2015-01-28 14:57 - 00172976 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe
2015-01-28 14:57 - 2015-01-28 14:57 - 00172976 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe
2015-01-28 14:56 - 2015-01-28 14:56 - 00477616 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2015-01-28 14:56 - 2015-01-28 14:56 - 00162224 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2015-01-28 14:56 - 2015-01-28 14:56 - 00149936 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2015-01-28 14:56 - 2015-01-28 14:56 - 00149936 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2015-01-28 14:56 - 2015-01-28 14:56 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-28 14:54 - 2015-01-28 14:54 - 04263128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-01-28 14:54 - 2015-01-28 14:54 - 03186544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 02860760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 02827120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 02000640 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-01-28 14:54 - 2015-01-28 14:54 - 01728768 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 01443340 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-28 14:54 - 2015-01-28 14:54 - 01287384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00959704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00629464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00628504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-01-28 14:53 - 2015-01-28 14:53 - 00942808 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-01-28 14:53 - 2015-01-28 14:53 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 15546880 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 11405824 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 10629408 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-01-28 14:51 - 2015-01-28 14:51 - 06549504 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 04896768 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 03158560 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2015-01-28 14:51 - 2015-01-28 14:51 - 00571904 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdx32.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00511008 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SETCD88.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SETBF09.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SETBC74.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SETA7DF.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SET940D.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SET7903.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SET66C6.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SET41E4.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SETCD39.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SETBDAF.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SETBC15.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SETA771.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SET938F.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SET7894.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SET6668.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SET4186.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00380416 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00272384 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00244224 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00228864 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00224800 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-01-28 14:51 - 2015-01-28 14:51 - 00189552 _____ () C:\Windows\system32\Gfxres.th-TH.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00178407 _____ () C:\Windows\system32\Gfxres.el-GR.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00165395 _____ () C:\Windows\system32\Gfxres.ru-RU.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SETCCDA.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SETBD03.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SETBBA7.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SETA6E3.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SET92B4.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SET7836.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SET65EA.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SET4108.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00154656 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2015-01-28 14:51 - 2015-01-28 14:51 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00139909 _____ () C:\Windows\system32\Gfxres.ar-SA.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00136401 _____ () C:\Windows\system32\Gfxres.ja-JP.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00133746 _____ () C:\Windows\system32\Gfxres.he-IL.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00125558 _____ () C:\Windows\system32\Gfxres.it-IT.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00123230 _____ () C:\Windows\system32\Gfxres.ko-KR.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00122927 _____ () C:\Windows\system32\Gfxres.es-ES.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00122709 _____ () C:\Windows\system32\Gfxres.de-DE.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00122368 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2015-01-28 14:51 - 2015-01-28 14:51 - 00121173 _____ () C:\Windows\system32\Gfxres.tr-TR.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00120800 _____ () C:\Windows\system32\Gfxres.fr-FR.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00120366 _____ () C:\Windows\system32\Gfxres.pt-BR.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00119808 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00119616 _____ () C:\Windows\system32\Gfxres.hu-HU.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00119586 _____ () C:\Windows\system32\Gfxres.nl-NL.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00119360 _____ () C:\Windows\system32\Gfxres.sv-SE.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00119067 _____ () C:\Windows\system32\Gfxres.pt-PT.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00118745 _____ () C:\Windows\system32\Gfxres.cs-CZ.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00118697 _____ () C:\Windows\system32\Gfxres.fi-FI.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00118409 _____ () C:\Windows\system32\Gfxres.pl-PL.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00118058 _____ () C:\Windows\system32\Gfxres.sk-SK.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00114852 _____ () C:\Windows\system32\Gfxres.nb-NO.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00114372 _____ () C:\Windows\system32\Gfxres.sl-SI.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00114261 _____ () C:\Windows\system32\Gfxres.da-DK.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00110211 _____ () C:\Windows\system32\Gfxres.en-US.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00104044 _____ () C:\Windows\system32\Gfxres.zh-TW.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00102883 _____ () C:\Windows\system32\Gfxres.zh-CN.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00090112 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2869.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SETCDD7.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SETC81C.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SETBD01.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SETA82E.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SET946C.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SET79A0.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SET6715.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SET4243.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087040 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087040 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00086528 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00086528 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00084992 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00084992 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00083968 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00083968 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00027648 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00023552 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00005448 _____ () C:\Windows\system32\iglhxs64.vp
2015-01-28 14:51 - 2015-01-28 14:51 - 00004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2015-01-28 14:50 - 2015-01-28 14:50 - 00145408 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcHdmi.sys
2015-01-28 14:50 - 2015-01-28 14:50 - 00006144 _____ () C:\Windows\system32\SET58F0.tmp
2015-01-28 14:43 - 2015-01-30 13:02 - 00002862 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Cassandra)
2015-01-28 14:43 - 2015-01-28 14:44 - 00002146 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-01-28 14:43 - 2015-01-28 14:43 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-01-28 14:43 - 2015-01-28 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-01-28 14:42 - 2015-01-28 14:42 - 00002918 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Cassandra
2015-01-28 14:42 - 2015-01-28 14:42 - 00001230 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-01-28 14:41 - 2015-01-28 14:41 - 00003198 _____ () C:\Windows\System32\Tasks\ASC8_PerformanceMonitor
2015-01-28 14:38 - 2015-01-29 18:22 - 00002183 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-01-28 14:38 - 2015-01-28 14:38 - 00002886 _____ () C:\Windows\System32\Tasks\ASC8_SkipUac_Cassandra
2015-01-28 14:38 - 2015-01-28 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-01-28 14:38 - 2015-01-28 14:38 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-28 14:37 - 2015-01-28 14:37 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-01-28 14:35 - 2015-01-28 14:36 - 44439248 _____ (IObit ) C:\Users\Cassandra\Downloads\advanced-systemcare-setup(3).exe
2015-01-28 14:34 - 2015-01-28 14:35 - 44439248 _____ (IObit ) C:\Users\Cassandra\Downloads\advanced-systemcare-setup(2).exe
2015-01-28 08:36 - 2015-01-28 08:36 - 00000000 _____ () C:\asc_rdflag
2015-01-28 08:18 - 2015-01-28 14:27 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-28 08:18 - 2015-01-28 08:18 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-28 08:08 - 2015-01-28 14:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 18:28 - 2015-01-30 13:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 18:28 - 2015-01-30 13:39 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-26 18:28 - 2015-01-26 18:28 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-26 18:28 - 2015-01-26 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 18:28 - 2015-01-26 18:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-26 18:28 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-26 18:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-26 18:27 - 2015-01-26 18:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Cassandra\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-26 18:25 - 2015-01-29 18:21 - 00000000 ____D () C:\SUPERDelete
2015-01-26 18:25 - 2015-01-26 18:25 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-26 18:25 - 2015-01-26 18:25 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\SUPERAntiSpyware.com
2015-01-26 18:25 - 2015-01-26 18:25 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-26 18:25 - 2015-01-26 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-26 18:24 - 2015-01-26 18:25 - 21080456 _____ (SUPERAntiSpyware) C:\Users\Cassandra\Downloads\SUPERAntiSpyware.exe
2015-01-26 17:30 - 2015-01-26 17:30 - 00001578 _____ () C:\ProgramData\tempimage.bmp
2015-01-26 17:30 - 2015-01-26 17:30 - 00000000 ____D () C:\ProgramData\663c14000001d38
2015-01-26 17:13 - 2015-01-26 17:20 - 00002194 _____ () C:\Users\Cassandra\Desktop\chrome.lnk
2015-01-20 09:31 - 2015-01-20 09:31 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\Desktop_Dock
2015-01-20 09:19 - 2015-01-21 16:18 - 00000065 _____ () C:\Users\Cassandra\AppData\Roaming\WB.CFG
2015-01-19 20:53 - 2015-01-19 20:53 - 00000000 ____D () C:\Program Files (x86)\TopTab
2015-01-19 20:39 - 2015-01-19 20:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-19 20:39 - 2015-01-19 20:39 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-19 20:39 - 2015-01-19 20:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-19 20:24 - 2015-01-26 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2015-01-19 20:19 - 2015-01-19 20:19 - 00003776 _____ () C:\Windows\System32\Tasks\NNYOXBV
2015-01-19 20:19 - 2015-01-07 21:07 - 00045216 _____ () C:\Windows\system32\Drivers\cmwr.sys
2015-01-19 20:19 - 2015-01-07 21:07 - 00033952 _____ () C:\Windows\system32\Drivers\cmwf.sys
2015-01-19 20:19 - 2015-01-07 20:54 - 00370688 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-19 20:19 - 2015-01-07 20:54 - 00324776 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-19 20:17 - 2015-01-26 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\turbodiagnosis
2015-01-14 12:41 - 2015-01-26 19:41 - 04087472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-14 07:02 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:02 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:02 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:02 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:02 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:02 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:02 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:02 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:02 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 07:02 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:02 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:02 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:02 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 12:07 - 2015-01-13 12:07 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-13 12:07 - 2015-01-13 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-13 12:07 - 2015-01-13 12:07 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-13 12:07 - 2015-01-13 12:07 - 00000000 ____D () C:\Program Files\iTunes
2015-01-13 12:07 - 2015-01-13 12:07 - 00000000 ____D () C:\Program Files\iPod
2015-01-13 12:07 - 2015-01-13 12:07 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-12 08:43 - 2015-01-26 17:27 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\K9Tools
2015-01-12 08:43 - 2015-01-26 17:05 - 00003062 _____ () C:\Windows\System32\Tasks\K9-PC Protector_startup
2015-01-12 08:43 - 2015-01-12 08:43 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\K9AMW
2015-01-12 08:42 - 2015-01-12 08:42 - 00003042 _____ () C:\Windows\System32\Tasks\K9-PCFixer_UPDATES
2015-01-12 08:42 - 2015-01-12 08:42 - 00002886 _____ () C:\Windows\System32\Tasks\K9-PCFixer_DEFAULT
2015-01-12 08:37 - 2015-01-12 08:40 - 44929808 _____ (IObit ) C:\Users\Cassandra\Downloads\advanced-systemcare-setup(1).exe
2015-01-12 08:37 - 2015-01-12 08:38 - 03540456 _____ (K9 Tools ) C:\Users\Cassandra\Downloads\setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 14:03 - 2014-12-10 06:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 13:56 - 2011-04-23 12:18 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\Deployment
2015-01-30 13:41 - 2012-04-03 16:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 13:35 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 13:35 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 13:28 - 2011-04-24 22:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-30 13:27 - 2014-12-10 06:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 13:26 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 13:11 - 2011-04-24 21:38 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-637550786-695466938-1670476771-1000UA.job
2015-01-30 12:55 - 2014-08-23 08:58 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\Intuit
2015-01-30 12:55 - 2009-07-13 22:45 - 00027648 _____ () C:\Windows\system32\umstartup.etl
2015-01-30 12:54 - 2009-07-13 23:10 - 01612504 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 05:26 - 2011-04-24 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-30 05:26 - 2011-04-24 09:52 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-30 00:11 - 2011-04-24 21:38 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-637550786-695466938-1670476771-1000Core.job
2015-01-29 18:24 - 2011-02-24 01:40 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-29 17:34 - 2014-08-30 23:48 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-28 21:22 - 2011-04-23 12:13 - 00000000 ____D () C:\Users\Cassandra
2015-01-28 21:19 - 2014-08-30 23:49 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\ProductData
2015-01-28 21:19 - 2012-04-26 21:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 21:19 - 2011-11-10 20:24 - 00000000 ____D () C:\ProgramData\Apple
2015-01-28 21:19 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2015-01-28 14:57 - 2011-04-24 19:35 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-01-28 14:57 - 2011-02-24 01:24 - 00526768 _____ (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll
2015-01-28 14:56 - 2011-02-24 01:24 - 00473520 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2015-01-28 14:55 - 2011-02-24 03:20 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-28 14:53 - 2011-02-24 03:04 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-01-28 14:52 - 2011-02-24 01:24 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-28 14:51 - 2011-02-24 03:04 - 04722176 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2015-01-28 14:51 - 2011-02-24 03:04 - 00830464 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2015-01-28 14:51 - 2011-02-24 03:04 - 00108544 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2015-01-28 14:51 - 2011-02-24 03:04 - 00061952 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2015-01-28 14:51 - 2011-02-11 18:04 - 04338688 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2015-01-28 14:43 - 2014-08-30 23:47 - 00000000 ____D () C:\ProgramData\IObit
2015-01-28 14:43 - 2014-08-30 23:45 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\IObit
2015-01-28 14:42 - 2014-08-30 23:47 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-28 08:36 - 2014-09-22 15:22 - 92270592 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-01-28 08:36 - 2014-09-22 15:22 - 00270336 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-01-28 08:36 - 2014-09-22 15:22 - 00057344 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2015-01-28 08:36 - 2014-09-22 15:22 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-01-28 07:58 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-26 19:41 - 2012-04-03 16:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 19:41 - 2012-04-03 16:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 19:41 - 2011-06-14 23:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 18:25 - 2011-06-09 20:38 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\The Weather Channel
2015-01-26 18:09 - 2011-04-24 19:45 - 00000000 ___RD () C:\Users\Cassandra\Desktop\My Games
2015-01-26 18:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-26 17:53 - 2012-02-20 22:34 - 00361830 _____ () C:\Users\Cassandra\Desktop\Tigger.jpeg
2015-01-26 17:52 - 2014-01-29 03:02 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-26 17:52 - 2009-07-13 23:13 - 00774632 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 17:27 - 2011-04-24 11:15 - 00000000 ____D () C:\Program Files\LockHunter
2015-01-19 20:39 - 2011-02-24 01:27 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-14 23:23 - 2013-08-14 17:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 23:18 - 2011-04-25 10:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 12:07 - 2011-11-10 20:26 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-13 12:07 - 2011-11-10 20:24 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-13 12:06 - 2014-02-04 21:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-13 06:46 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-31 05:14 - 2011-04-24 10:56 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-06-30 08:37 - 2014-06-22 09:51 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2011-11-07 20:45 - 2011-11-07 20:45 - 0000272 _____ () C:\Users\Cassandra\AppData\Roaming\.backup.dm
2015-01-20 09:19 - 2015-01-21 16:18 - 0000065 _____ () C:\Users\Cassandra\AppData\Roaming\WB.CFG
2013-10-03 20:24 - 2014-11-10 16:37 - 0014848 _____ () C:\Users\Cassandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-29 17:46 - 2015-01-29 17:46 - 0007596 _____ () C:\Users\Cassandra\AppData\Local\Resmon.ResmonCfg
2011-04-24 21:55 - 2011-04-24 21:55 - 0000043 ___SH () C:\ProgramData\.zreglib
2015-01-26 17:30 - 2015-01-26 17:30 - 0001578 _____ () C:\ProgramData\tempimage.bmp

Some content of TEMP:
====================
C:\Users\Cassandra\AppData\Local\Temp\Quarantine.exe
C:\Users\Cassandra\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-26 21:02

==================== End Of Log =====================

Here is the Addition Log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Cassandra at 2015-01-30 14:05:55
Running from C:\Users\Cassandra\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 6.7.7.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 10.0.3 (HKLM-x32\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.3 - ashampoo GmbH & Co. KG)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
Best Buy pc app (Version: 3.1.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11266.0 - Cisco Consumer Products LLC)
Citrix Online Launcher (HKLM-x32\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.2.8 - Elaborate Bytes)
CloneDVDmobile (HKLM-x32\...\CloneDVDmobile) (Version: 1.7.0.0 - SlySoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
Desktop Icon Position Saver (64-bit) (HKLM-x32\...\dips64) (Version:  - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
DVDFab 8.0.7.3 (29/01/2011) (HKLM\...\DVDFab 8 Retail Dimitry_is1) (Version:  - )
Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version:  - )
Epson Easy Photo Print 2 (HKLM-x32\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON NX125 NX127 Series Printer Uninstall (HKLM\...\EPSON NX125 NX127 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
explorer-task (HKLM-x32\...\{8B5E8E15-7229-4C46-887A-27E1F62AC7FC}) (Version: 1.0.0 - TopTab)
FrostWire 4.21.5 (HKLM-x32\...\FrostWire) (Version: 4.21.5.0 - FrostWire Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GoToMeeting 5.8.0.1189 (HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\GoToMeeting) (Version: 5.8.0.1189 - CitrixOnline)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java™ 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle)
Java™ 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Codec Pack (64-bit) v4.6.5 (HKLM\...\KLiteCodecPack64_is1) (Version: 4.6.5 - )
K-Lite Mega Codec Pack 7.1.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.1.5 - )
K-Lite Video Conversion Pack 1.7.0 (HKLM-x32\...\klvideoconvert_is1) (Version: 1.7.0 - )
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
magicJack (HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
magicJack Recovery Tool 1.0 (HKLM-x32\...\magicJack Recovery Tool_is1) (Version:  - magicJack, L.P.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MemoriesOnTV 3.1.8 (HKLM-x32\...\MemoriesOnTV3_is1) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0.6 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0.6 (x86 en-US)) (Version: 17.0.6 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\MusicManager) (Version:  - Google, Inc.)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
QuickBooks (x32 Version: 21.0.4006.904 - Intuit Inc.) Hidden
QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4006.904 - Intuit Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sothink Movie DVD Maker (HKLM-x32\...\{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1) (Version: 3.5 - SourceTec Software Co., LTD)
Spotify (HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-637550786-695466938-1670476771-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1189\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-637550786-695466938-1670476771-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-637550786-695466938-1670476771-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

26-01-2015 17:04:30 Windows Update
26-01-2015 17:47:21 Windows Update
26-01-2015 18:04:52 Windows Update
28-01-2015 14:48:45 Driver Booster : Adobe Shockwave
28-01-2015 14:57:59 Installed DirectX
29-01-2015 18:35:47 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {016D7026-A091-45A8-AC16-7CFFDAC6CA74} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {11E16CE9-FE33-4A6A-91A3-783731FE7409} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-10] (Google Inc.)
Task: {143C67E3-9837-4309-BC04-6EE9BA22B94C} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit)
Task: {192E9D03-9A34-4D36-A779-A5ADFC135181} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {2664DE1A-3FF0-4958-B5CA-612905E11EC1} - \CIMT_daily_S-1-5-21-637550786-695466938-1670476771-1000 No Task File <==== ATTENTION
Task: {2F917391-931F-4646-9A01-856DCBD767AB} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-07-02] (IObit)
Task: {3D977DC8-D880-4F5F-A014-4906C989B274} - System32\Tasks\Driver Booster SkipUAC (Cassandra) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-01-07] (IObit)
Task: {48F00C8D-94FA-4AF4-B73C-F793ABC5A329} - \CIMT_S-1-5-21-637550786-695466938-1670476771-1000 No Task File <==== ATTENTION
Task: {4F3877F1-D0F8-46DC-90C7-D04323A06C97} - System32\Tasks\Uninstaller_SkipUac_Cassandra => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {65267D71-DF29-4310-9CD9-D16BE1513DF3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-637550786-695466938-1670476771-1000UA => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {6965BFBE-90C3-44B6-9A6B-7F3712F88971} - System32\Tasks\K9-PC Protector_startup => C:\Program Files (x86)\K9-PC Protector\k9pcp.exe
Task: {714EC160-5557-412B-A9AB-6670A929ED7E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-637550786-695466938-1670476771-1000Core => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {756DFB97-EB44-46CE-A167-DE70FFCE4D40} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26] (Adobe Systems Incorporated)
Task: {76729078-CA4A-45F9-B545-0AB2A39546A5} - System32\Tasks\K9-PCFixer_DEFAULT => C:\Program Files (x86)\K9-PCFixer\K9-PCFixer.exe
Task: {8A043439-56D9-4553-BD77-8DE12118D2A1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {8B3C66F6-135F-476B-9767-BBC76004F20E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-10] (Google Inc.)
Task: {9F1D8BA0-75A7-4EFF-80D7-3773B56517E6} - System32\Tasks\ASC8_SkipUac_Cassandra => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-01-27] (IObit)
Task: {A06EB25C-05D7-447A-9248-563D812835FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A659A544-1E93-4D20-9CE3-FD248775D183} - System32\Tasks\NNYOXBV => C:\ProgramData\3a8e94626c7e455eab9ee6b45c18d0d0\3a8e94626c7e455eab9ee6b45c18d0d0.exe
Task: {A92B53DA-55F2-4003-957D-393E2B073E8B} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-03] (IObit)
Task: {B236F5BE-9313-4EC6-9662-75BA09A39216} - System32\Tasks\K9-PCFixer_UPDATES => C:\Program Files (x86)\K9-PCFixer\K9-PCFixer.exe
Task: {C68E3C6B-5C3E-4C07-BB19-2CD0922AD88C} - System32\Tasks\Google Updater and Installer => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {E0C785DF-23AB-411D-BF38-FF4FD441B22C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {F297E0AD-CA3F-43F3-8B6B-9F2872E40997} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-09-17] (Sun Microsystems, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-637550786-695466938-1670476771-1000Core.job => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-637550786-695466938-1670476771-1000UA.job => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Cassandra.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2011-04-24 10:47 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2014-11-26 13:02 - 2014-11-26 13:02 - 00022016 _____ () C:\Program Files (x86)\TopTab\explorer-task\explorer-task.exe
2014-10-16 17:53 - 2014-10-16 17:53 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\602ab9ddf3440af31bb4c168b59f2ba5\VistaBridgeLibrary.ni.dll
2015-01-28 14:38 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-28 14:38 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-01-28 14:38 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-01-28 14:38 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2014-08-31 00:48 - 2014-06-04 14:17 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
2011-02-24 01:29 - 2010-08-11 18:19 - 00056544 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2011-02-24 01:29 - 2010-08-11 18:19 - 00113888 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2011-02-24 01:29 - 2010-08-11 18:19 - 00126176 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2015-01-28 14:38 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2011-03-05 20:03 - 2011-03-05 20:03 - 00268064 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2011-03-05 20:03 - 2011-03-05 20:03 - 00020256 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll
2005-07-19 22:18 - 2005-07-19 22:18 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll
2011-03-05 20:03 - 2011-03-05 20:03 - 00346400 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
2011-03-05 20:03 - 2011-03-05 20:03 - 00124704 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
2011-03-05 20:03 - 2011-03-05 20:03 - 00175904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
2011-03-05 20:03 - 2011-03-05 20:03 - 00041760 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
2014-08-30 23:48 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2014-08-30 23:48 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2014-08-30 23:48 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2014-10-16 17:48 - 2014-10-16 17:48 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2011-02-24 01:24 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-01-16 18:04 - 2015-01-08 18:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 18:04 - 2015-01-08 18:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 18:04 - 2015-01-08 18:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cassandra\Desktop\SF50 4-24.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\SF50 4-24.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cassandra\Desktop\Tigger.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\Tigger.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DSUpdateLauncher => "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_63990A7A6D14639F8C595D19122B51CA => "C:\Users\Cassandra\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: Launcher => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
MSCONFIG\startupreg: STToasterLauncher => C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-637550786-695466938-1670476771-500 - Administrator - Disabled)
Cassandra (S-1-5-21-637550786-695466938-1670476771-1000 - Administrator - Enabled) => C:\Users\Cassandra
Guest (S-1-5-21-637550786-695466938-1670476771-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-637550786-695466938-1670476771-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: avgtp
Description: avgtp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: avgtp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2015 01:28:58 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (01/30/2015 01:28:58 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (01/30/2015 01:28:58 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (01/30/2015 01:20:08 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (01/30/2015 01:20:08 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (01/30/2015 01:20:08 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (01/30/2015 00:58:56 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (01/30/2015 00:58:56 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (01/30/2015 00:58:56 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (01/30/2015 00:55:04 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

System errors:
=============
Error: (01/30/2015 01:30:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CLCV0 service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/30/2015 01:27:28 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (01/30/2015 01:27:27 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (01/30/2015 01:27:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHA
avgtp

Error: (01/30/2015 01:26:29 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/30/2015 01:25:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (01/30/2015 01:25:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/30/2015 01:25:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/30/2015 01:25:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/30/2015 01:25:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-01-19 20:27:58.541
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 20:27:58.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 20:27:48.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 20:27:48.195
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 20:27:40.068
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 20:27:39.979
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 20:26:53.030
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 20:26:52.948
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 20:26:41.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 20:26:41.794
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 54%
Total physical RAM: 3036.98 MB
Available physical RAM: 1384.72 MB
Total Pagefile: 6072.15 MB
Available Pagefile: 3957.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:454.84 GB) (Free:359.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C648A420)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 nasdaq

  • Malware Response Team

Posted 31 January 2015 - 10:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If PicColor Utility is installed on your computer, you should first remove it using the Add/Remove Programs applet.

===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-637550786-695466938-1670476771-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=odc278
HKU\S-1-5-21-637550786-695466938-1670476771-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=odc278
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  No File
Toolbar: HKU\S-1-5-21-637550786-695466938-1670476771-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Google Update) - C:\Users\Cassandra\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
S1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cassandra\Desktop\SF50 4-24.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\SF50 4-24.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cassandra\Desktop\Tigger.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\Tigger.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
C:\Windows\system32\Drivers\cmwf.sys
C:\Windows\system32\Drivers\cmwr.sys
C:\Windows\SysWOW64\ColorMedia.dll
C:\Windows\system32\ColorMedia64.dll

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#5 txjustin825

  • Topic Starter

Posted 01 February 2015 - 09:14 AM

I don't think that worked. The files are still there. Here is the fixlog.txt and the checkup.txt. I also made sure the PicColor Utility was not installed before running both. Thanks again for your help.

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Cassandra at 2015-02-01 07:34:55 Run:2
Running from C:\Users\Cassandra\Desktop
Loaded Profiles: Cassandra (Available profiles: Cassandra)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-637550786-695466938-1670476771-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=odc278
HKU\S-1-5-21-637550786-695466938-1670476771-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=odc278
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
Toolbar: HKU\S-1-5-21-637550786-695466938-1670476771-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Google Update) - C:\Users\Cassandra\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
S1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cassandra\Desktop\SF50 4-24.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\SF50 4-24.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cassandra\Desktop\Tigger.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\Tigger.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
C:\Windows\system32\Drivers\cmwf.sys
C:\Windows\system32\Drivers\cmwr.sys
C:\Windows\SysWOW64\ColorMedia.dll
C:\Windows\system32\ColorMedia64.dll

End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist => Key not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => Key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKU\S-1-5-21-637550786-695466938-1670476771-1000\SOFTWARE\Policies\Google => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-637550786-695466938-1670476771-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} => Value not found.
HKCR\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} => Key not found.
HKU\S-1-5-21-637550786-695466938-1670476771-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value not found.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
Winsock: Catalog entry 000000000001 => Could not be deleted.
Winsock: Catalog entry 000000000002 => Could not be deleted.
Winsock: Catalog entry 000000000003 => Could not be deleted.
Winsock: Catalog entry 000000000004 => Could not be deleted.
Winsock: Catalog entry 000000000015 => Could not be deleted.
Winsock: Catalog entry 000000000001 => Could not be deleted.
Winsock: Catalog entry 000000000002 => Could not be deleted.
Winsock: Catalog entry 000000000003 => Could not be deleted.
Winsock: Catalog entry 000000000004 => Could not be deleted.
Winsock: Catalog entry 000000000015 => Could not be deleted.
HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0 => Key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0 => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => Key not found.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll not found.
C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll not found.
C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll not found.
C:\Users\Cassandra\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll not found.
C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => Key not found.
cmwf => Unable to stop service
cmwf => Error deleting Service
cmwr => Unable to stop service
cmwr => Error deleting Service
AVGIDSHA => Service not found.
avgtp => Service not found.
taphss6 => Service not found.
"C:\ProgramData\TEMP" => ":0B4227B4" ADS not found.
"C:\ProgramData\TEMP" => ":5C321E34" ADS not found.
"C:\Users\Cassandra\Desktop\sf-50 2014.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Cassandra\Desktop\sf-50 2014.jpeg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
"C:\Users\Cassandra\Desktop\sf-50 2014.jpeg.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Cassandra\Desktop\sf-50 2014.jpeg.jpeg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
"C:\Users\Cassandra\Desktop\SF50 4-24.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Cassandra\Desktop\SF50 4-24.jpeg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
"C:\Users\Cassandra\Desktop\Tigger.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Cassandra\Desktop\Tigger.jpeg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
Could not move "C:\Windows\system32\Drivers\cmwf.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\cmwr.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\ColorMedia.dll" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\ColorMedia64.dll" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-01 07:37:08)<=

"C:\Windows\system32\Drivers\cmwf.sys" => File could not move.
"C:\Windows\system32\Drivers\cmwr.sys" => File could not move.
"C:\Windows\SysWOW64\ColorMedia.dll" => File could not move.
"C:\Windows\system32\ColorMedia64.dll" => File could not move.

==== End of Fixlog 07:37:08 ====






Checkup.txt

Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 45
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.296
Adobe Reader XI
Mozilla Firefox (35.0.1)
Mozilla Thunderbird 17.0.6 Thunderbird out of Date!
Google Chrome 39.0.2171.99 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#6 nasdaq

  • Malware Response Team

Posted 01 February 2015 - 02:13 PM

Remove this old version of Java™ 6 Update 45 using the Add/Remove programs applet.

===

Reset your Winsock.

Refer to this Microsoft article.
http://support.microsoft.com/kb/299357

Select the Fix it button for Windows 7 and fix it.
Restart that computer after the fix.

Please submit a fresh FRST log for my review.
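
The Fixlog in post #5 failed on the two running unsigned drivers (cmwf, cmwr) and on the ColorMedia Winsock providers, which is why a Winsock reset and a fresh scan come next. As an added example (not part of the thread and not FRST's own code), this Python script pairs scan lines with Fixlog outcomes to list what still needs follow-up; the function names are hypothetical and the sample input is a subset of lines copied from the logs above.

```python
import re

# Sample input: a subset of lines copied from the FRST scan and Fixlog quoted in this thread.
FRST_SCAN = r"""
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
"""

FIXLOG = r"""
Winsock: Catalog entry 000000000001 => Could not be deleted.
Winsock: Catalog entry 000000000015 => Could not be deleted.
cmwf => Unable to stop service
cmwf => Error deleting Service
cmwr => Unable to stop service
cmwr => Error deleting Service
taphss6 => Service not found.
Could not move "C:\Windows\system32\Drivers\cmwf.sys" => Scheduled to move on reboot.
"C:\Windows\system32\Drivers\cmwf.sys" => File could not move.
"C:\Windows\system32\Drivers\cmwr.sys" => File could not move.
"C:\Windows\SysWOW64\ColorMedia.dll" => File could not move.
"C:\Windows\system32\ColorMedia64.dll" => File could not move.
"""

WINSOCK_RE = re.compile(r"^Winsock: (Catalog\d+(?:-x64)?) (\d+) (.+?) \[(\d+)\] \((.*)\)$")
DRIVER_RE = re.compile(r"^([RSU])([0-5]) ([^;]+); (.+)$")
# Fixlog outcomes that mean the item is still present after the fix.
FAILURES = {"could not be deleted", "unable to stop service",
            "error deleting service", "file could not move"}


def parse_winsock(scan_text):
    """Return the Winsock catalog entries listed in an FRST scan."""
    entries = []
    for line in scan_text.splitlines():
        m = WINSOCK_RE.match(line.strip())
        if m:
            entries.append({"catalog": m.group(1), "index": int(m.group(2)),
                            "path": m.group(3), "vendor": m.group(5)})
    return entries


def parse_drivers(scan_text):
    """Return driver lines: R/S/U is the run state, the digit is the start type."""
    drivers = []
    for line in scan_text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            rest = m.group(4)
            drivers.append({"name": m.group(3), "running": m.group(1) == "R",
                            "start_type": int(m.group(2)),
                            "path": rest.split(" [", 1)[0],
                            "unsigned": "[File not signed]" in rest,
                            "missing": rest.endswith("[X]")})
    return drivers


def parse_fixlog_failures(fixlog_text):
    """Map lower-cased fix target -> failure outcomes the Fixlog reports for it."""
    failures = {}
    for line in fixlog_text.splitlines():
        target, sep, outcome = line.partition(" => ")
        outcome = outcome.strip().rstrip(".")
        if sep and outcome.lower() in FAILURES:
            failures.setdefault(target.strip().strip('"').lower(), []).append(outcome)
    return failures


def failed_catalog_entries(fixlog_text):
    """Winsock catalog entry numbers the fix could not delete."""
    failed = set()
    for target in parse_fixlog_failures(fixlog_text):
        m = re.fullmatch(r"winsock: catalog entry (\d+)", target)
        if m:
            failed.add(int(m.group(1)))
    return sorted(failed)


def triage(scan_text, fixlog_text):
    """List running unsigned drivers and non-Microsoft Winsock providers,
    each with the Fixlog failures recorded against its name or path."""
    failures = parse_fixlog_failures(fixlog_text)
    findings = []
    for drv in parse_drivers(scan_text):
        if drv["running"] and drv["unsigned"]:
            why = failures.get(drv["name"].lower(), []) + failures.get(drv["path"].lower(), [])
            findings.append({"kind": "driver", "name": drv["name"],
                             "path": drv["path"], "fix_failures": why})
    # Heuristic (assumption): the vendor string is only what the log prints,
    # not proof of a signature, so treat it as a filter and not as a verdict.
    providers = sorted({e["path"] for e in parse_winsock(scan_text)
                        if "microsoft" not in e["vendor"].lower()})
    for path in providers:
        findings.append({"kind": "winsock", "name": path.rsplit("\\", 1)[-1],
                         "path": path, "fix_failures": failures.get(path.lower(), [])})
    return findings


if __name__ == "__main__":
    for item in triage(FRST_SCAN, FIXLOG):
        print(item["kind"], item["name"], "->", "; ".join(item["fix_failures"]) or "no failure logged")
    print("Winsock catalog entries not deleted:", failed_catalog_entries(FIXLOG))
```
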

#7 txjustin825

  • Topic Starter

Posted 01 February 2015 - 05:11 PM

Here is the fresh log. Did I need to run the fixlist as well?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Cassandra (administrator) on INSPIRON560 on 01-02-2015 16:05:23
Running from C:\Users\Cassandra\Desktop
Loaded Profiles: Cassandra (Available profiles: Cassandra)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
() C:\Program Files (x86)\TopTab\explorer-task\explorer-task.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
() C:\Windows\SysWOW64\UTSCSI.EXE
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBHelp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1497352 2011-02-21] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [EPSON NX125 NX127 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [cdloader] => C:\Users\Cassandra\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [MusicManager] => C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-13] (Google Inc.)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [Google Update] => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [explorertask] => C:\PROGRAM FILES (X86)\TOPTAB\EXPLORER-TASK\EXPLORER-TASK.EXE [22016 2014-11-26] ()
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-28] (SUPERAntiSpyware)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc278&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-637550786-695466938-1670476771-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc278&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKLM -> {D29DFD1A-1D5C-43B2-A96D-4A9394F2543D} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {20A4E07C-4323-4D1F-A060-116C013E7C90} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc278&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-637550786-695466938-1670476771-1000 -> {20A4E07C-4323-4D1F-A060-116C013E7C90} URL =
SearchScopes: HKU\S-1-5-21-637550786-695466938-1670476771-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\S-1-5-21-637550786-695466938-1670476771-1000 -> {D29DFD1A-1D5C-43B2-A96D-4A9394F2543D} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-637550786-695466938-1670476771-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Cassandra\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-637550786-695466938-1670476771-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-637550786-695466938-1670476771-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Diccionario en Español para Venezuela - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\es-ve@dictionaries.addons.mozilla.org [2014-05-04]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\iobitascsurfingprotection@iobit.com [2015-01-28]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-16]
FF Extension: WOT - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-01-28]
FF Extension: Zoom It - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\{ea351a94-07c3-6b44-6fd5-29d87b899970} [2015-02-01]
FF Extension: Tab Preview - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}.xpi [2011-04-24]
FF Extension: deskCut - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}.xpi [2011-04-24]
FF Extension: Adblock Plus - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-28]
FF Extension: Tab Mix Plus - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\p8gyg6sx.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Google Update) - C:\Users\Cassandra\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-09-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Rage Comics) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigbpmgpdffelbefknlmefjiejgoinao [2013-09-13]
CHR Extension: (YouTube) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-13]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2013-09-13]
CHR Extension: (Google Search) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-13]
CHR Extension: (Search All) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk [2015-02-01]
CHR Extension: (Cut the Rope) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-09-13]
CHR Extension: (Pathuku) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb [2013-09-13]
CHR Extension: (An Awesome Book!) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcafjdhiidcpdgpdbpnllmpheogojkfl [2013-09-13]
CHR Extension: (Little Alchemy) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-09-13]
CHR Extension: (Webcam Toy) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-09-13]
CHR Extension: (Quick Note) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2013-09-13]
CHR Extension: (Lyrics for Google Chrome™) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek [2013-09-13]
CHR Extension: (Sinuous) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl [2013-09-13]
CHR Extension: (Gmail) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-03-05] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2013-02-02] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-30] ()
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed] <==== ATTENTION
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed] <==== ATTENTION
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-28] (REALiX™)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2006-10-02] (Padus, Inc.) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 16:02 - 2015-02-01 16:02 - 00000056 _____ () C:\Windows\setupact.log
2015-02-01 16:02 - 2015-02-01 16:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-01 07:42 - 2015-02-01 07:42 - 00852594 _____ () C:\Users\Cassandra\Downloads\SecurityCheck.exe
2015-02-01 07:31 - 2015-02-01 07:31 - 00000000 ____D () C:\Users\Cassandra\Desktop\FRST-OlderVersion
2015-02-01 07:19 - 2015-02-01 07:19 - 00005417 _____ () C:\Users\Cassandra\Downloads\fixlist.txt
2015-01-30 14:05 - 2015-02-01 16:05 - 00023597 _____ () C:\Users\Cassandra\Desktop\FRST.txt
2015-01-30 14:05 - 2015-01-30 14:06 - 00034463 _____ () C:\Users\Cassandra\Desktop\Addition.txt
2015-01-30 14:04 - 2015-02-01 16:05 - 00000000 ____D () C:\FRST
2015-01-30 14:04 - 2015-02-01 07:31 - 02131456 _____ (Farbar) C:\Users\Cassandra\Desktop\FRST64.exe
2015-01-30 13:39 - 2015-01-30 13:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-30 13:30 - 2015-01-30 13:33 - 00002454 _____ () C:\Users\Cassandra\Desktop\Rkill.txt
2015-01-30 13:30 - 2015-01-30 13:30 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cassandra\Downloads\rkill.exe
2015-01-30 13:22 - 2015-01-30 13:22 - 02194432 _____ () C:\Users\Cassandra\Downloads\AdwCleaner(1).exe
2015-01-30 13:21 - 2015-01-30 13:21 - 02194432 _____ () C:\Users\Cassandra\Downloads\AdwCleaner.exe
2015-01-30 13:13 - 2015-01-30 13:38 - 00000000 ____D () C:\AdwCleaner
2015-01-30 05:26 - 2015-01-30 05:26 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-30 05:26 - 2015-01-30 05:26 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-30 05:25 - 2015-01-30 05:25 - 05325208 _____ (Piriform Ltd) C:\Users\Cassandra\Downloads\ccsetup502.exe
2015-01-29 17:46 - 2015-01-29 17:46 - 00007596 _____ () C:\Users\Cassandra\AppData\Local\Resmon.ResmonCfg
2015-01-28 14:57 - 2015-01-28 14:57 - 00545200 _____ (Sun Microsystems, Inc.) C:\Windows\system32\npdeployJava1.dll
2015-01-28 14:56 - 2015-01-28 14:56 - 00477616 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 04263128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-01-28 14:54 - 2015-01-28 14:54 - 03186544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 02860760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 02827120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 02000640 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-01-28 14:54 - 2015-01-28 14:54 - 01728768 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 01443340 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-28 14:54 - 2015-01-28 14:54 - 01287384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00959704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00629464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00628504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-01-28 14:53 - 2015-01-28 14:53 - 00942808 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-01-28 14:53 - 2015-01-28 14:53 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 15546880 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 11405824 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 10629408 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-01-28 14:51 - 2015-01-28 14:51 - 06549504 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 04896768 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 03158560 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2015-01-28 14:51 - 2015-01-28 14:51 - 00571904 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdx32.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00511008 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SETCD88.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SETBF09.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SETBC74.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SETA7DF.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SET940D.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SET7903.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SET66C6.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SET41E4.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SETCD39.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SETBDAF.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SETBC15.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SETA771.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SET938F.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SET7894.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SET6668.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SET4186.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00380416 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00272384 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00244224 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00228864 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00224800 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-01-28 14:51 - 2015-01-28 14:51 - 00189552 _____ () C:\Windows\system32\Gfxres.th-TH.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00178407 _____ () C:\Windows\system32\Gfxres.el-GR.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00165395 _____ () C:\Windows\system32\Gfxres.ru-RU.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SETCCDA.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SETBD03.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SETBBA7.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SETA6E3.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SET92B4.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SET7836.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SET65EA.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SET4108.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00154656 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2015-01-28 14:51 - 2015-01-28 14:51 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00139909 _____ () C:\Windows\system32\Gfxres.ar-SA.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00136401 _____ () C:\Windows\system32\Gfxres.ja-JP.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00133746 _____ () C:\Windows\system32\Gfxres.he-IL.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00125558 _____ () C:\Windows\system32\Gfxres.it-IT.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00123230 _____ () C:\Windows\system32\Gfxres.ko-KR.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00122927 _____ () C:\Windows\system32\Gfxres.es-ES.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00122709 _____ () C:\Windows\system32\Gfxres.de-DE.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00122368 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2015-01-28 14:51 - 2015-01-28 14:51 - 00121173 _____ () C:\Windows\system32\Gfxres.tr-TR.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00120800 _____ () C:\Windows\system32\Gfxres.fr-FR.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00120366 _____ () C:\Windows\system32\Gfxres.pt-BR.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00119808 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00119616 _____ () C:\Windows\system32\Gfxres.hu-HU.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00119586 _____ () C:\Windows\system32\Gfxres.nl-NL.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00119360 _____ () C:\Windows\system32\Gfxres.sv-SE.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00119067 _____ () C:\Windows\system32\Gfxres.pt-PT.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00118745 _____ () C:\Windows\system32\Gfxres.cs-CZ.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00118697 _____ () C:\Windows\system32\Gfxres.fi-FI.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00118409 _____ () C:\Windows\system32\Gfxres.pl-PL.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00118058 _____ () C:\Windows\system32\Gfxres.sk-SK.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00114852 _____ () C:\Windows\system32\Gfxres.nb-NO.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00114372 _____ () C:\Windows\system32\Gfxres.sl-SI.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00114261 _____ () C:\Windows\system32\Gfxres.da-DK.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00110211 _____ () C:\Windows\system32\Gfxres.en-US.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00104044 _____ () C:\Windows\system32\Gfxres.zh-TW.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00102883 _____ () C:\Windows\system32\Gfxres.zh-CN.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00090112 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2869.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SETCDD7.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SETC81C.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SETBD01.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SETA82E.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SET946C.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SET79A0.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SET6715.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SET4243.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087040 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087040 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00086528 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00086528 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00084992 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00084992 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00083968 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00083968 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00027648 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00023552 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00005448 _____ () C:\Windows\system32\iglhxs64.vp
2015-01-28 14:51 - 2015-01-28 14:51 - 00004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2015-01-28 14:50 - 2015-01-28 14:50 - 00145408 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcHdmi.sys
2015-01-28 14:50 - 2015-01-28 14:50 - 00006144 _____ () C:\Windows\system32\SET58F0.tmp
2015-01-28 14:43 - 2015-01-30 13:02 - 00002862 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Cassandra)
2015-01-28 14:43 - 2015-01-28 14:44 - 00002146 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-01-28 14:43 - 2015-01-28 14:43 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-01-28 14:43 - 2015-01-28 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-01-28 14:42 - 2015-02-01 07:09 - 00002918 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Cassandra
2015-01-28 14:42 - 2015-01-28 14:42 - 00001230 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-01-28 14:41 - 2015-01-28 14:41 - 00003198 _____ () C:\Windows\System32\Tasks\ASC8_PerformanceMonitor
2015-01-28 14:38 - 2015-01-29 18:22 - 00002183 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-01-28 14:38 - 2015-01-28 14:38 - 00002886 _____ () C:\Windows\System32\Tasks\ASC8_SkipUac_Cassandra
2015-01-28 14:38 - 2015-01-28 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-01-28 14:38 - 2015-01-28 14:38 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-28 14:37 - 2015-01-28 14:37 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-01-28 14:35 - 2015-01-28 14:36 - 44439248 _____ (IObit ) C:\Users\Cassandra\Downloads\advanced-systemcare-setup(3).exe
2015-01-28 14:34 - 2015-01-28 14:35 - 44439248 _____ (IObit ) C:\Users\Cassandra\Downloads\advanced-systemcare-setup(2).exe
2015-01-28 08:36 - 2015-01-28 08:36 - 00000000 _____ () C:\asc_rdflag
2015-01-28 08:18 - 2015-01-28 14:27 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-28 08:18 - 2015-01-28 08:18 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-28 08:08 - 2015-01-28 14:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 18:28 - 2015-01-30 13:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 18:28 - 2015-01-30 13:39 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-26 18:28 - 2015-01-26 18:28 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-26 18:28 - 2015-01-26 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 18:28 - 2015-01-26 18:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-26 18:28 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-26 18:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-26 18:25 - 2015-01-29 18:21 - 00000000 ____D () C:\SUPERDelete
2015-01-26 18:25 - 2015-01-26 18:25 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-26 18:25 - 2015-01-26 18:25 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\SUPERAntiSpyware.com
2015-01-26 18:25 - 2015-01-26 18:25 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-26 18:25 - 2015-01-26 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-26 17:30 - 2015-01-26 17:30 - 00001578 _____ () C:\ProgramData\tempimage.bmp
2015-01-26 17:30 - 2015-01-26 17:30 - 00000000 ____D () C:\ProgramData\663c14000001d38
2015-01-26 17:13 - 2015-01-26 17:20 - 00002194 _____ () C:\Users\Cassandra\Desktop\chrome.lnk
2015-01-20 09:31 - 2015-01-20 09:31 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\Desktop_Dock
2015-01-20 09:19 - 2015-01-21 16:18 - 00000065 _____ () C:\Users\Cassandra\AppData\Roaming\WB.CFG
2015-01-19 20:53 - 2015-01-19 20:53 - 00000000 ____D () C:\Program Files (x86)\TopTab
2015-01-19 20:39 - 2015-01-19 20:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-19 20:39 - 2015-01-19 20:39 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-19 20:39 - 2015-01-19 20:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-19 20:24 - 2015-01-26 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2015-01-19 20:19 - 2015-01-19 20:19 - 00003776 _____ () C:\Windows\System32\Tasks\NNYOXBV
2015-01-19 20:19 - 2015-01-07 21:07 - 00045216 _____ () C:\Windows\system32\Drivers\cmwr.sys
2015-01-19 20:19 - 2015-01-07 21:07 - 00033952 _____ () C:\Windows\system32\Drivers\cmwf.sys
2015-01-19 20:19 - 2015-01-07 20:54 - 00370688 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-19 20:19 - 2015-01-07 20:54 - 00324776 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-19 20:17 - 2015-01-26 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\turbodiagnosis
2015-01-14 12:41 - 2015-01-26 19:41 - 04087472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-14 07:02 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:02 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:02 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:02 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:02 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:02 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:02 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:02 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:02 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 07:02 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:02 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:02 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:02 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 12:07 - 2015-01-13 12:07 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-13 12:07 - 2015-01-13 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-13 12:07 - 2015-01-13 12:07 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-13 12:07 - 2015-01-13 12:07 - 00000000 ____D () C:\Program Files\iTunes
2015-01-13 12:07 - 2015-01-13 12:07 - 00000000 ____D () C:\Program Files\iPod
2015-01-13 12:07 - 2015-01-13 12:07 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-12 08:43 - 2015-01-26 17:27 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\K9Tools
2015-01-12 08:43 - 2015-01-26 17:05 - 00003062 _____ () C:\Windows\System32\Tasks\K9-PC Protector_startup
2015-01-12 08:43 - 2015-01-12 08:43 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\K9AMW
2015-01-12 08:42 - 2015-01-12 08:42 - 00003042 _____ () C:\Windows\System32\Tasks\K9-PCFixer_UPDATES
2015-01-12 08:42 - 2015-01-12 08:42 - 00002886 _____ () C:\Windows\System32\Tasks\K9-PCFixer_DEFAULT
2015-01-12 08:37 - 2015-01-12 08:40 - 44929808 _____ (IObit ) C:\Users\Cassandra\Downloads\advanced-systemcare-setup(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 16:04 - 2011-04-24 22:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-01 16:03 - 2014-12-10 06:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 16:03 - 2014-12-10 06:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 16:02 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 15:41 - 2012-04-03 16:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 15:12 - 2011-04-24 21:38 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-637550786-695466938-1670476771-1000UA.job
2015-02-01 07:44 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 07:44 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 07:07 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-01 00:11 - 2011-04-24 21:38 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-637550786-695466938-1670476771-1000Core.job
2015-01-31 14:16 - 2011-04-23 12:18 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\Deployment
2015-01-30 12:55 - 2014-08-23 08:58 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\Intuit
2015-01-30 12:55 - 2009-07-13 22:45 - 00027648 _____ () C:\Windows\system32\umstartup.etl
2015-01-30 05:26 - 2011-04-24 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-30 05:26 - 2011-04-24 09:52 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-29 18:24 - 2011-02-24 01:40 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-29 17:34 - 2014-08-30 23:48 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-28 21:22 - 2011-04-23 12:13 - 00000000 ____D () C:\Users\Cassandra
2015-01-28 21:19 - 2014-08-30 23:49 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\ProductData
2015-01-28 21:19 - 2012-04-26 21:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 21:19 - 2011-11-10 20:24 - 00000000 ____D () C:\ProgramData\Apple
2015-01-28 21:19 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2015-01-28 14:57 - 2011-04-24 19:35 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-01-28 14:57 - 2011-02-24 01:24 - 00526768 _____ (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll
2015-01-28 14:56 - 2011-02-24 01:24 - 00473520 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2015-01-28 14:55 - 2011-02-24 03:20 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-28 14:53 - 2011-02-24 03:04 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-01-28 14:52 - 2011-02-24 01:24 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-28 14:51 - 2011-02-24 03:04 - 04722176 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2015-01-28 14:51 - 2011-02-24 03:04 - 00830464 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2015-01-28 14:51 - 2011-02-24 03:04 - 00108544 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2015-01-28 14:51 - 2011-02-24 03:04 - 00061952 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2015-01-28 14:51 - 2011-02-11 18:04 - 04338688 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2015-01-28 14:43 - 2014-08-30 23:47 - 00000000 ____D () C:\ProgramData\IObit
2015-01-28 14:43 - 2014-08-30 23:45 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\IObit
2015-01-28 14:42 - 2014-08-30 23:47 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-28 08:36 - 2014-09-22 15:22 - 92270592 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-01-28 08:36 - 2014-09-22 15:22 - 00270336 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-01-28 08:36 - 2014-09-22 15:22 - 00057344 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2015-01-28 08:36 - 2014-09-22 15:22 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-01-26 19:41 - 2012-04-03 16:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 19:41 - 2012-04-03 16:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 19:41 - 2011-06-14 23:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 18:25 - 2011-06-09 20:38 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\The Weather Channel
2015-01-26 18:09 - 2011-04-24 19:45 - 00000000 ___RD () C:\Users\Cassandra\Desktop\My Games
2015-01-26 18:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-26 17:53 - 2012-02-20 22:34 - 00361830 _____ () C:\Users\Cassandra\Desktop\Tigger.jpeg
2015-01-26 17:52 - 2014-01-29 03:02 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-26 17:52 - 2009-07-13 23:13 - 00774632 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 17:27 - 2011-04-24 11:15 - 00000000 ____D () C:\Program Files\LockHunter
2015-01-19 20:39 - 2011-02-24 01:27 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-14 23:23 - 2013-08-14 17:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 23:18 - 2011-04-25 10:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 12:07 - 2011-11-10 20:26 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-13 12:07 - 2011-11-10 20:24 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-13 12:06 - 2014-02-04 21:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-13 06:46 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

==================== Files in the root of some directories =======

2013-06-30 08:37 - 2014-06-22 09:51 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2011-11-07 20:45 - 2011-11-07 20:45 - 0000272 _____ () C:\Users\Cassandra\AppData\Roaming\.backup.dm
2015-01-20 09:19 - 2015-01-21 16:18 - 0000065 _____ () C:\Users\Cassandra\AppData\Roaming\WB.CFG
2013-10-03 20:24 - 2014-11-10 16:37 - 0014848 _____ () C:\Users\Cassandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-29 17:46 - 2015-01-29 17:46 - 0007596 _____ () C:\Users\Cassandra\AppData\Local\Resmon.ResmonCfg
2011-04-24 21:55 - 2011-04-24 21:55 - 0000043 ___SH () C:\ProgramData\.zreglib
2015-01-26 17:30 - 2015-01-26 17:30 - 0001578 _____ () C:\ProgramData\tempimage.bmp

Some content of TEMP:
====================
C:\Users\Cassandra\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 21:02

==================== End Of Log ============================

#8 nasdaq

  • Malware Response Team

Posted 02 February 2015 - 08:41 AM


Let's try this again.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Google Update) - C:\Users\Cassandra\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Lyrics for Google Chrome™) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek [2013-09-13]
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed] <==== ATTENTION
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed] <==== ATTENTION
C:\Windows\system32\Drivers\cmwf.sys
C:\Windows\system32\Drivers\cmwr.sys
C:\Windows\SysWOW64\ColorMedia.dll
C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

#9 txjustin825

  • Topic Starter

Posted 02 February 2015 - 06:05 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Cassandra at 2015-02-02 16:00:03 Run:3
Running from C:\Users\Cassandra\Desktop
Loaded Profiles: Cassandra (Available profiles: Cassandra)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Google Update) - C:\Users\Cassandra\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Lyrics for Google Chrome™) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek [2013-09-13]
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed] <==== ATTENTION
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed] <==== ATTENTION
C:\Windows\system32\Drivers\cmwf.sys
C:\Windows\system32\Drivers\cmwr.sys
C:\Windows\SysWOW64\ColorMedia.dll
C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek

End
*****************

C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
Winsock: Catalog entry 000000000001 => Could not be deleted.
Winsock: Catalog entry 000000000002 => Could not be deleted.
Winsock: Catalog entry 000000000003 => Could not be deleted.
Winsock: Catalog entry 000000000004 => Could not be deleted.
Winsock: Catalog entry 000000000015 => Could not be deleted.
Winsock: Catalog entry 000000000001 => Could not be deleted.
Winsock: Catalog entry 000000000002 => Could not be deleted.
Winsock: Catalog entry 000000000003 => Could not be deleted.
Winsock: Catalog entry 000000000004 => Could not be deleted.
Winsock: Catalog entry 000000000015 => Could not be deleted.
C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll not found.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll not found.
C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll not found.
C:\Users\Cassandra\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll not found.
C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek => Moved successfully.
cmwf => Unable to stop service
cmwf => Error deleting Service
cmwr => Unable to stop service
cmwr => Error deleting Service
Could not move "C:\Windows\system32\Drivers\cmwf.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\cmwr.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\ColorMedia.dll" => Scheduled to move on reboot.
"C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek" => File/Directory not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-02 16:02:39)<=

"C:\Windows\system32\Drivers\cmwf.sys" => File could not move.
"C:\Windows\system32\Drivers\cmwr.sys" => File could not move.
"C:\Windows\SysWOW64\ColorMedia.dll" => File could not move.

==== End of Fixlog 16:02:39 ====
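
The Fixlog above mixes successful removals, items that were already absent, and failures. As an added example (not part of the thread and not FRST's own code), the script below classifies the outcome lines and lists what is still unresolved; the function names are hypothetical and the sample is a subset of lines copied from the posted Fixlog.

```python
import re

# Outcome phrases as they appear in the Fixlog posted above, checked in order.
OUTCOMES = [
    ("failed", re.compile(r"Could not be deleted|Unable to stop service|"
                          r"Error deleting Service|File could not move")),
    ("pending", re.compile(r"Scheduled to move on reboot")),
    ("done", re.compile(r"deleted successfully|Moved successfully")),
    ("absent", re.compile(r"not found\.$")),
]

# Sample input: a subset of outcome lines copied from the Fixlog in this thread.
SAMPLE_FIXLOG = r'''
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
Winsock: Catalog entry 000000000001 => Could not be deleted.
Winsock: Catalog entry 000000000015 => Could not be deleted.
C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek => Moved successfully.
cmwf => Unable to stop service
cmwf => Error deleting Service
cmwr => Unable to stop service
cmwr => Error deleting Service
Could not move "C:\Windows\system32\Drivers\cmwf.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\cmwr.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\ColorMedia.dll" => Scheduled to move on reboot.
"C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek" => File/Directory not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-02 16:02:39)<=

"C:\Windows\system32\Drivers\cmwf.sys" => File could not move.
"C:\Windows\system32\Drivers\cmwr.sys" => File could not move.
"C:\Windows\SysWOW64\ColorMedia.dll" => File could not move.
'''


def parse_line(line):
    """Return (subject, status) for an outcome line, or None for any other line."""
    line = line.strip()
    for status, pattern in OUTCOMES:
        match = pattern.search(line)
        if match:
            break
    else:
        return None  # headers, fixlist echo lines, blank lines
    if " => " in line:
        subject = line.split(" => ", 1)[0]
    else:
        subject = line[:match.start()]  # e.g. "<path> not found."
    subject = re.sub(r"^Could not move ", "", subject).strip().strip('"')
    return subject, status


def final_status(fixlog_text):
    """Map each subject to the last status the log reports for it.

    A file that is first 'pending' (scheduled for reboot) and later
    'failed' (could not move after reboot) ends up as 'failed'.
    """
    statuses = {}
    for line in fixlog_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            subject, status = parsed
            statuses[subject] = status
    return statuses


def unresolved(fixlog_text):
    """Subjects that the fix did not remove: still failed or still pending."""
    return sorted(s for s, st in final_status(fixlog_text).items()
                  if st in ("failed", "pending"))


def lsp_still_registered(fixlog_text):
    """True if any Winsock catalog entry could not be deleted.

    General Winsock behaviour, not stated in the thread: a catalog entry
    that still points at a provider DLL which has been deleted can break
    network access, so this is worth knowing before removing the DLL by hand.
    """
    return any(s.startswith("Winsock: Catalog entry") and st == "failed"
               for s, st in final_status(fixlog_text).items())


if __name__ == "__main__":
    for item in unresolved(SAMPLE_FIXLOG):
        print("UNRESOLVED:", item)
    print("Winsock catalog entries remain:", lsp_still_registered(SAMPLE_FIXLOG))
```

Lines that carry no outcome phrase, such as the echoed fixlist and the section headers, are ignored, so the full Fixlog.txt can be passed in unchanged.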

#10 nasdaq

  • Malware Response Team

Posted 03 February 2015 - 09:26 AM

Create a restore point. Windows 7.
http://windows.microsoft.com/en-ca/windows7/create-a-restore-point
===


Open your computer in Safe Mode.
http://windows.microsoft.com/en-ca/windows/start-computer-safe-mode#start-computer-safe-mode=windows-7

Navigate to the respective folders and delete the files in bold. (Not the folder)

C:\Windows\system32\Drivers\cmwf.sys
C:\Windows\system32\Drivers\cmwr.sys


C:\Windows\SysWOW64\ColorMedia.dll


Return to the operating system and restart it normally.

If you lose the internet, execute this.

At the command prompt, enter the following command, and then press Enter:

netsh int ip reset c:\resetlog.txt

Restart the computer normally.

Post a fresh FRST log and let me know how things are.

#11 txjustin825

  • Topic Starter

Posted 05 February 2015 - 07:00 AM

I could not delete the files. I had the same error on each file... The error message says "The file cmwr.sys is too large for destination file system."

Here is a fresh FRST log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Cassandra (administrator) on INSPIRON560 on 05-02-2015 05:54:25
Running from C:\Users\Cassandra\Desktop
Loaded Profiles: Cassandra (Available profiles: Cassandra)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
() C:\Program Files (x86)\TopTab\explorer-task\explorer-task.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
() C:\Windows\SysWOW64\UTSCSI.EXE
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\AutoCare.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBHelp.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1497352 2011-02-21] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [EPSON NX125 NX127 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [cdloader] => C:\Users\Cassandra\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [MusicManager] => C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-13] (Google Inc.)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [Google Update] => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [explorertask] => C:\PROGRAM FILES (X86)\TOPTAB\EXPLORER-TASK\EXPLORER-TASK.EXE [22016 2014-11-26] ()
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-28] (SUPERAntiSpyware)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc278&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-637550786-695466938-1670476771-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc278&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKLM -> {D29DFD1A-1D5C-43B2-A96D-4A9394F2543D} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {20A4E07C-4323-4D1F-A060-116C013E7C90} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc278&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-637550786-695466938-1670476771-1000 -> {20A4E07C-4323-4D1F-A060-116C013E7C90} URL =
SearchScopes: HKU\S-1-5-21-637550786-695466938-1670476771-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\S-1-5-21-637550786-695466938-1670476771-1000 -> {D29DFD1A-1D5C-43B2-A96D-4A9394F2543D} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\1pzhtfe7.default-1422828397495
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-637550786-695466938-1670476771-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Cassandra\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-637550786-695466938-1670476771-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-637550786-695466938-1670476771-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Google Update) - C:\Users\Cassandra\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-09-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Rage Comics) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigbpmgpdffelbefknlmefjiejgoinao [2013-09-13]
CHR Extension: (YouTube) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-13]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2013-09-13]
CHR Extension: (Google Search) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-13]
CHR Extension: (Search All) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk [2015-02-01]
CHR Extension: (Cut the Rope) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-09-13]
CHR Extension: (Pathuku) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb [2013-09-13]
CHR Extension: (An Awesome Book!) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcafjdhiidcpdgpdbpnllmpheogojkfl [2013-09-13]
CHR Extension: (Little Alchemy) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-09-13]
CHR Extension: (Webcam Toy) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-09-13]
CHR Extension: (Quick Note) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2013-09-13]
CHR Extension: (Sinuous) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl [2013-09-13]
CHR Extension: (Gmail) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-03-05] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2013-02-02] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-30] ()
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed] <==== ATTENTION
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed] <==== ATTENTION
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-28] (REALiX™)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2006-10-02] (Padus, Inc.) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 16:01 - 2015-02-02 16:01 - 00001000 _____ () C:\Windows\PFRO.log
2015-02-01 16:13 - 2015-02-05 05:52 - 00185371 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 16:12 - 2015-02-01 16:12 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\CrashDumps
2015-02-01 16:02 - 2015-02-05 05:49 - 00000168 _____ () C:\Windows\setupact.log
2015-02-01 16:02 - 2015-02-01 16:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-01 07:42 - 2015-02-01 07:42 - 00852594 _____ () C:\Users\Cassandra\Downloads\SecurityCheck.exe
2015-02-01 07:31 - 2015-02-01 07:31 - 00000000 ____D () C:\Users\Cassandra\Desktop\FRST-OlderVersion
2015-02-01 07:19 - 2015-02-01 07:19 - 00005417 _____ () C:\Users\Cassandra\Downloads\fixlist.txt
2015-01-30 14:05 - 2015-02-05 05:54 - 00021361 _____ () C:\Users\Cassandra\Desktop\FRST.txt
2015-01-30 14:04 - 2015-02-05 05:54 - 00000000 ____D () C:\FRST
2015-01-30 14:04 - 2015-02-01 07:31 - 02131456 _____ (Farbar) C:\Users\Cassandra\Desktop\FRST64.exe
2015-01-30 13:39 - 2015-01-30 13:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-30 13:30 - 2015-01-30 13:33 - 00002454 _____ () C:\Users\Cassandra\Desktop\Rkill.txt
2015-01-30 13:30 - 2015-01-30 13:30 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cassandra\Downloads\rkill.exe
2015-01-30 13:22 - 2015-01-30 13:22 - 02194432 _____ () C:\Users\Cassandra\Downloads\AdwCleaner(1).exe
2015-01-30 13:21 - 2015-01-30 13:21 - 02194432 _____ () C:\Users\Cassandra\Downloads\AdwCleaner.exe
2015-01-30 13:13 - 2015-01-30 13:38 - 00000000 ____D () C:\AdwCleaner
2015-01-30 05:26 - 2015-01-30 05:26 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-30 05:26 - 2015-01-30 05:26 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-30 05:25 - 2015-01-30 05:25 - 05325208 _____ (Piriform Ltd) C:\Users\Cassandra\Downloads\ccsetup502.exe
2015-01-29 17:46 - 2015-01-29 17:46 - 00007596 _____ () C:\Users\Cassandra\AppData\Local\Resmon.ResmonCfg
2015-01-28 14:57 - 2015-01-28 14:57 - 00545200 _____ (Sun Microsystems, Inc.) C:\Windows\system32\npdeployJava1.dll
2015-01-28 14:56 - 2015-01-28 14:56 - 00477616 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 04263128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-01-28 14:54 - 2015-01-28 14:54 - 03186544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 02860760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 02827120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 02000640 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-01-28 14:54 - 2015-01-28 14:54 - 01728768 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 01443340 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-28 14:54 - 2015-01-28 14:54 - 01287384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00959704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00629464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00628504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-01-28 14:54 - 2015-01-28 14:54 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-01-28 14:53 - 2015-01-28 14:53 - 00942808 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-01-28 14:53 - 2015-01-28 14:53 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 15546880 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 11405824 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 10629408 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-01-28 14:51 - 2015-01-28 14:51 - 06549504 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 04896768 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 03158560 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2015-01-28 14:51 - 2015-01-28 14:51 - 00571904 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdx32.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00511008 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SETCD88.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SETBF09.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SETBC74.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SETA7DF.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SET940D.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SET7903.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SET66C6.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00418336 _____ (Intel Corporation) C:\Windows\system32\SET41E4.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SETCD39.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SETBDAF.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SETBC15.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SETA771.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SET938F.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SET7894.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SET6668.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00387616 _____ (Intel Corporation) C:\Windows\system32\SET4186.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00380416 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00272384 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00244224 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00228864 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00224800 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-01-28 14:51 - 2015-01-28 14:51 - 00189552 _____ () C:\Windows\system32\Gfxres.th-TH.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00178407 _____ () C:\Windows\system32\Gfxres.el-GR.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00165395 _____ () C:\Windows\system32\Gfxres.ru-RU.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SETCCDA.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SETBD03.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SETBBA7.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SETA6E3.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SET92B4.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SET7836.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SET65EA.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00163360 _____ (Intel Corporation) C:\Windows\system32\SET4108.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00154656 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2015-01-28 14:51 - 2015-01-28 14:51 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00139909 _____ () C:\Windows\system32\Gfxres.ar-SA.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00136401 _____ () C:\Windows\system32\Gfxres.ja-JP.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00133746 _____ () C:\Windows\system32\Gfxres.he-IL.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00125558 _____ () C:\Windows\system32\Gfxres.it-IT.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00123230 _____ () C:\Windows\system32\Gfxres.ko-KR.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00122927 _____ () C:\Windows\system32\Gfxres.es-ES.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00122709 _____ () C:\Windows\system32\Gfxres.de-DE.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00122368 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2015-01-28 14:51 - 2015-01-28 14:51 - 00121173 _____ () C:\Windows\system32\Gfxres.tr-TR.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00120800 _____ () C:\Windows\system32\Gfxres.fr-FR.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00120366 _____ () C:\Windows\system32\Gfxres.pt-BR.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00119808 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00119616 _____ () C:\Windows\system32\Gfxres.hu-HU.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00119586 _____ () C:\Windows\system32\Gfxres.nl-NL.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00119360 _____ () C:\Windows\system32\Gfxres.sv-SE.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00119067 _____ () C:\Windows\system32\Gfxres.pt-PT.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00118745 _____ () C:\Windows\system32\Gfxres.cs-CZ.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00118697 _____ () C:\Windows\system32\Gfxres.fi-FI.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00118409 _____ () C:\Windows\system32\Gfxres.pl-PL.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00118058 _____ () C:\Windows\system32\Gfxres.sk-SK.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00114852 _____ () C:\Windows\system32\Gfxres.nb-NO.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00114372 _____ () C:\Windows\system32\Gfxres.sl-SI.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00114261 _____ () C:\Windows\system32\Gfxres.da-DK.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00110211 _____ () C:\Windows\system32\Gfxres.en-US.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00104044 _____ () C:\Windows\system32\Gfxres.zh-TW.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00102883 _____ () C:\Windows\system32\Gfxres.zh-CN.resources
2015-01-28 14:51 - 2015-01-28 14:51 - 00090112 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2869.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SETCDD7.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SETC81C.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SETBD01.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SETA82E.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SET946C.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SET79A0.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SET6715.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SET4243.tmp
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087040 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00087040 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00086528 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00086528 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00084992 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00084992 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00083968 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00083968 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2015-01-28 14:51 - 2015-01-28 14:51 - 00027648 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00023552 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-01-28 14:51 - 2015-01-28 14:51 - 00005448 _____ () C:\Windows\system32\iglhxs64.vp
2015-01-28 14:51 - 2015-01-28 14:51 - 00004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2015-01-28 14:50 - 2015-01-28 14:50 - 00145408 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcHdmi.sys
2015-01-28 14:50 - 2015-01-28 14:50 - 00006144 _____ () C:\Windows\system32\SET58F0.tmp
2015-01-28 14:43 - 2015-01-30 13:02 - 00002862 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Cassandra)
2015-01-28 14:43 - 2015-01-28 14:44 - 00002146 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-01-28 14:43 - 2015-01-28 14:43 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-01-28 14:43 - 2015-01-28 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-01-28 14:42 - 2015-02-01 16:15 - 00002918 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Cassandra
2015-01-28 14:42 - 2015-01-28 14:42 - 00001230 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-01-28 14:41 - 2015-01-28 14:41 - 00003198 _____ () C:\Windows\System32\Tasks\ASC8_PerformanceMonitor
2015-01-28 14:38 - 2015-01-29 18:22 - 00002183 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-01-28 14:38 - 2015-01-28 14:38 - 00002886 _____ () C:\Windows\System32\Tasks\ASC8_SkipUac_Cassandra
2015-01-28 14:38 - 2015-01-28 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-01-28 14:38 - 2015-01-28 14:38 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-28 14:37 - 2015-01-28 14:37 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-01-28 14:35 - 2015-01-28 14:36 - 44439248 _____ (IObit ) C:\Users\Cassandra\Downloads\advanced-systemcare-setup(3).exe
2015-01-28 14:34 - 2015-01-28 14:35 - 44439248 _____ (IObit ) C:\Users\Cassandra\Downloads\advanced-systemcare-setup(2).exe
2015-01-28 08:36 - 2015-01-28 08:36 - 00000000 _____ () C:\asc_rdflag
2015-01-28 08:18 - 2015-01-28 14:27 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-28 08:18 - 2015-01-28 08:18 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-28 08:08 - 2015-01-28 14:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 18:28 - 2015-01-30 13:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 18:28 - 2015-01-30 13:39 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-26 18:28 - 2015-01-26 18:28 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-26 18:28 - 2015-01-26 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 18:28 - 2015-01-26 18:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-26 18:28 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-26 18:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-26 18:25 - 2015-01-29 18:21 - 00000000 ____D () C:\SUPERDelete
2015-01-26 18:25 - 2015-01-26 18:25 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-26 18:25 - 2015-01-26 18:25 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\SUPERAntiSpyware.com
2015-01-26 18:25 - 2015-01-26 18:25 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-26 18:25 - 2015-01-26 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-26 17:30 - 2015-01-26 17:30 - 00001578 _____ () C:\ProgramData\tempimage.bmp
2015-01-26 17:30 - 2015-01-26 17:30 - 00000000 ____D () C:\ProgramData\663c14000001d38
2015-01-26 17:13 - 2015-01-26 17:20 - 00002194 _____ () C:\Users\Cassandra\Desktop\chrome.lnk
2015-01-20 09:31 - 2015-01-20 09:31 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\Desktop_Dock
2015-01-20 09:19 - 2015-01-21 16:18 - 00000065 _____ () C:\Users\Cassandra\AppData\Roaming\WB.CFG
2015-01-19 20:53 - 2015-01-19 20:53 - 00000000 ____D () C:\Program Files (x86)\TopTab
2015-01-19 20:39 - 2015-01-19 20:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-19 20:39 - 2015-01-19 20:39 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-19 20:39 - 2015-01-19 20:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-19 20:24 - 2015-01-26 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2015-01-19 20:19 - 2015-01-19 20:19 - 00003776 _____ () C:\Windows\System32\Tasks\NNYOXBV
2015-01-19 20:19 - 2015-01-07 21:07 - 00045216 _____ () C:\Windows\system32\Drivers\cmwr.sys
2015-01-19 20:19 - 2015-01-07 21:07 - 00033952 _____ () C:\Windows\system32\Drivers\cmwf.sys
2015-01-19 20:19 - 2015-01-07 20:54 - 00370688 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-19 20:19 - 2015-01-07 20:54 - 00324776 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-19 20:17 - 2015-01-26 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\turbodiagnosis
2015-01-14 12:41 - 2015-02-05 04:41 - 04437680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-14 07:02 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:02 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:02 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:02 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:02 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:02 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:02 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:02 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:02 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 07:02 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:02 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:02 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:02 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 12:07 - 2015-01-13 12:07 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-13 12:07 - 2015-01-13 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-13 12:07 - 2015-01-13 12:07 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-13 12:07 - 2015-01-13 12:07 - 00000000 ____D () C:\Program Files\iTunes
2015-01-13 12:07 - 2015-01-13 12:07 - 00000000 ____D () C:\Program Files\iPod
2015-01-13 12:07 - 2015-01-13 12:07 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-12 08:43 - 2015-01-26 17:27 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\K9Tools
2015-01-12 08:43 - 2015-01-26 17:05 - 00003062 _____ () C:\Windows\System32\Tasks\K9-PC Protector_startup
2015-01-12 08:43 - 2015-01-12 08:43 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\K9AMW
2015-01-12 08:42 - 2015-01-12 08:42 - 00003042 _____ () C:\Windows\System32\Tasks\K9-PCFixer_UPDATES
2015-01-12 08:42 - 2015-01-12 08:42 - 00002886 _____ () C:\Windows\System32\Tasks\K9-PCFixer_DEFAULT
2015-01-12 08:37 - 2015-01-12 08:40 - 44929808 _____ (IObit ) C:\Users\Cassandra\Downloads\advanced-systemcare-setup(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 05:52 - 2011-02-24 01:40 - 00000000 ____D () C:\ProgramData\Sonic
2015-02-05 05:50 - 2014-08-30 23:48 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-05 05:49 - 2014-12-10 06:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 05:49 - 2012-04-03 16:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 05:49 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 05:17 - 2011-04-24 21:38 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-637550786-695466938-1670476771-1000UA.job
2015-02-05 05:03 - 2014-12-10 06:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 04:41 - 2012-04-03 16:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 04:41 - 2012-04-03 16:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 04:41 - 2011-06-14 23:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 01:02 - 2011-04-24 22:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-04 18:17 - 2011-04-24 21:38 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-637550786-695466938-1670476771-1000Core.job
2015-02-04 18:12 - 2011-04-24 21:38 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-637550786-695466938-1670476771-1000UA
2015-02-04 18:12 - 2011-04-24 21:38 - 00003506 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-637550786-695466938-1670476771-1000Core
2015-02-03 16:17 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 16:17 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 00:50 - 2011-04-23 12:18 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\Deployment
2015-02-01 07:07 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-30 12:55 - 2014-08-23 08:58 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\Intuit
2015-01-30 12:55 - 2009-07-13 22:45 - 00027648 _____ () C:\Windows\system32\umstartup.etl
2015-01-30 05:26 - 2011-04-24 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-30 05:26 - 2011-04-24 09:52 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-28 21:22 - 2011-04-23 12:13 - 00000000 ____D () C:\Users\Cassandra
2015-01-28 21:19 - 2014-08-30 23:49 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\ProductData
2015-01-28 21:19 - 2012-04-26 21:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 21:19 - 2011-11-10 20:24 - 00000000 ____D () C:\ProgramData\Apple
2015-01-28 21:19 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2015-01-28 14:57 - 2011-04-24 19:35 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-01-28 14:57 - 2011-02-24 01:24 - 00526768 _____ (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll
2015-01-28 14:56 - 2011-02-24 01:24 - 00473520 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2015-01-28 14:55 - 2011-02-24 03:20 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-28 14:53 - 2011-02-24 03:04 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-01-28 14:52 - 2011-02-24 01:24 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-28 14:51 - 2011-02-24 03:04 - 04722176 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2015-01-28 14:51 - 2011-02-24 03:04 - 00830464 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2015-01-28 14:51 - 2011-02-24 03:04 - 00108544 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2015-01-28 14:51 - 2011-02-24 03:04 - 00061952 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2015-01-28 14:51 - 2011-02-11 18:04 - 04338688 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2015-01-28 14:43 - 2014-08-30 23:47 - 00000000 ____D () C:\ProgramData\IObit
2015-01-28 14:43 - 2014-08-30 23:45 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\IObit
2015-01-28 14:42 - 2014-08-30 23:47 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-28 08:36 - 2014-09-22 15:22 - 92270592 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-01-28 08:36 - 2014-09-22 15:22 - 00270336 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-01-28 08:36 - 2014-09-22 15:22 - 00057344 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2015-01-28 08:36 - 2014-09-22 15:22 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-01-26 18:25 - 2011-06-09 20:38 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\The Weather Channel
2015-01-26 18:09 - 2011-04-24 19:45 - 00000000 ___RD () C:\Users\Cassandra\Desktop\My Games
2015-01-26 18:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-26 17:53 - 2012-02-20 22:34 - 00361830 _____ () C:\Users\Cassandra\Desktop\Tigger.jpeg
2015-01-26 17:52 - 2014-01-29 03:02 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-26 17:52 - 2009-07-13 23:13 - 00774632 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 17:27 - 2011-04-24 11:15 - 00000000 ____D () C:\Program Files\LockHunter
2015-01-19 20:39 - 2011-02-24 01:27 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-14 23:23 - 2013-08-14 17:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 23:18 - 2011-04-25 10:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 12:07 - 2011-11-10 20:26 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-13 12:07 - 2011-11-10 20:24 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-13 12:06 - 2014-02-04 21:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-13 06:46 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

==================== Files in the root of some directories =======

2013-06-30 08:37 - 2014-06-22 09:51 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2011-11-07 20:45 - 2011-11-07 20:45 - 0000272 _____ () C:\Users\Cassandra\AppData\Roaming\.backup.dm
2015-01-20 09:19 - 2015-01-21 16:18 - 0000065 _____ () C:\Users\Cassandra\AppData\Roaming\WB.CFG
2013-10-03 20:24 - 2014-11-10 16:37 - 0014848 _____ () C:\Users\Cassandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-29 17:46 - 2015-01-29 17:46 - 0007596 _____ () C:\Users\Cassandra\AppData\Local\Resmon.ResmonCfg
2011-04-24 21:55 - 2011-04-24 21:55 - 0000043 ___SH () C:\ProgramData\.zreglib
2015-01-26 17:30 - 2015-01-26 17:30 - 0001578 _____ () C:\ProgramData\tempimage.bmp

Some content of TEMP:
====================
C:\Users\Cassandra\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 00:00

==================== End Of Log ============================


Here is the Addition.txt log...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Cassandra at 2015-02-05 05:55:32
Running from C:\Users\Cassandra\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 6.7.7.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 10.0.3 (HKLM-x32\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.3 - ashampoo GmbH & Co. KG)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
Best Buy pc app (Version: 3.1.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11266.0 - Cisco Consumer Products LLC)
Citrix Online Launcher (HKLM-x32\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.2.8 - Elaborate Bytes)
CloneDVDmobile (HKLM-x32\...\CloneDVDmobile) (Version: 1.7.0.0 - SlySoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
Desktop Icon Position Saver (64-bit) (HKLM-x32\...\dips64) (Version: - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
DVDFab 8.0.7.3 (29/01/2011) (HKLM\...\DVDFab 8 Retail Dimitry_is1) (Version: - )
Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version: - )
Epson Easy Photo Print 2 (HKLM-x32\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON NX125 NX127 Series Printer Uninstall (HKLM\...\EPSON NX125 NX127 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
explorer-task (HKLM-x32\...\{8B5E8E15-7229-4C46-887A-27E1F62AC7FC}) (Version: 1.0.0 - TopTab)
FrostWire 4.21.5 (HKLM-x32\...\FrostWire) (Version: 4.21.5.0 - FrostWire Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
GoToMeeting 5.8.0.1189 (HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\GoToMeeting) (Version: 5.8.0.1189 - CitrixOnline)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Codec Pack (64-bit) v4.6.5 (HKLM\...\KLiteCodecPack64_is1) (Version: 4.6.5 - )
K-Lite Mega Codec Pack 7.1.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.1.5 - )
K-Lite Video Conversion Pack 1.7.0 (HKLM-x32\...\klvideoconvert_is1) (Version: 1.7.0 - )
LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)
magicJack (HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
magicJack Recovery Tool 1.0 (HKLM-x32\...\magicJack Recovery Tool_is1) (Version: - magicJack, L.P.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MemoriesOnTV 3.1.8 (HKLM-x32\...\MemoriesOnTV3_is1) (Version: - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-637550786-695466938-1670476771-1000\...\MusicManager) (Version: - Google, Inc.)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
QuickBooks (x32 Version: 21.0.4006.904 - Intuit Inc.) Hidden
QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4006.904 - Intuit Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sothink Movie DVD Maker (HKLM-x32\...\{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1) (Version: 3.5 - SourceTec Software Co., LTD)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-637550786-695466938-1670476771-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1189\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-637550786-695466938-1670476771-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-637550786-695466938-1670476771-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-637550786-695466938-1670476771-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

28-01-2015 14:48:45 Driver Booster : Adobe Shockwave
28-01-2015 14:57:59 Installed DirectX
29-01-2015 18:35:47 Windows Update
01-02-2015 15:50:44 Removed Java™ 6 Update 45
01-02-2015 15:52:11 Removed Java™ 6 Update 45 (64-bit)
01-02-2015 15:59:43 Installed Microsoft Fix it Solution - f4c2a476-3532-4511-a4be-0f5ccc5501af
03-02-2015 16:13:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {016D7026-A091-45A8-AC16-7CFFDAC6CA74} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {11E16CE9-FE33-4A6A-91A3-783731FE7409} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-10] (Google Inc.)
Task: {143C67E3-9837-4309-BC04-6EE9BA22B94C} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit)
Task: {192E9D03-9A34-4D36-A779-A5ADFC135181} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {2664DE1A-3FF0-4958-B5CA-612905E11EC1} - \CIMT_daily_S-1-5-21-637550786-695466938-1670476771-1000 No Task File <==== ATTENTION
Task: {2F917391-931F-4646-9A01-856DCBD767AB} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-07-02] (IObit)
Task: {3D977DC8-D880-4F5F-A014-4906C989B274} - System32\Tasks\Driver Booster SkipUAC (Cassandra) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-01-07] (IObit)
Task: {48F00C8D-94FA-4AF4-B73C-F793ABC5A329} - \CIMT_S-1-5-21-637550786-695466938-1670476771-1000 No Task File <==== ATTENTION
Task: {4C665D9B-E40D-42D9-8661-0B6DFB580EBB} - System32\Tasks\Uninstaller_SkipUac_Cassandra => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {65267D71-DF29-4310-9CD9-D16BE1513DF3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-637550786-695466938-1670476771-1000UA => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {6965BFBE-90C3-44B6-9A6B-7F3712F88971} - System32\Tasks\K9-PC Protector_startup => C:\Program Files (x86)\K9-PC Protector\k9pcp.exe
Task: {714EC160-5557-412B-A9AB-6670A929ED7E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-637550786-695466938-1670476771-1000Core => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {756DFB97-EB44-46CE-A167-DE70FFCE4D40} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {76729078-CA4A-45F9-B545-0AB2A39546A5} - System32\Tasks\K9-PCFixer_DEFAULT => C:\Program Files (x86)\K9-PCFixer\K9-PCFixer.exe
Task: {8A043439-56D9-4553-BD77-8DE12118D2A1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {8B3C66F6-135F-476B-9767-BBC76004F20E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-10] (Google Inc.)
Task: {9F1D8BA0-75A7-4EFF-80D7-3773B56517E6} - System32\Tasks\ASC8_SkipUac_Cassandra => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-01-27] (IObit)
Task: {A06EB25C-05D7-447A-9248-563D812835FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A659A544-1E93-4D20-9CE3-FD248775D183} - System32\Tasks\NNYOXBV => C:\ProgramData\3a8e94626c7e455eab9ee6b45c18d0d0\3a8e94626c7e455eab9ee6b45c18d0d0.exe
Task: {A92B53DA-55F2-4003-957D-393E2B073E8B} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-03] (IObit)
Task: {B236F5BE-9313-4EC6-9662-75BA09A39216} - System32\Tasks\K9-PCFixer_UPDATES => C:\Program Files (x86)\K9-PCFixer\K9-PCFixer.exe
Task: {C68E3C6B-5C3E-4C07-BB19-2CD0922AD88C} - System32\Tasks\Google Updater and Installer => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {E0C785DF-23AB-411D-BF38-FF4FD441B22C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {F297E0AD-CA3F-43F3-8B6B-9F2872E40997} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-637550786-695466938-1670476771-1000Core.job => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-637550786-695466938-1670476771-1000UA.job => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-26 13:02 - 2014-11-26 13:02 - 00022016 _____ () C:\Program Files (x86)\TopTab\explorer-task\explorer-task.exe
2013-02-02 16:54 - 2013-02-02 16:54 - 00045056 _____ () C:\Windows\SysWOW64\UTSCSI.EXE
2014-10-16 17:53 - 2014-10-16 17:53 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\602ab9ddf3440af31bb4c168b59f2ba5\VistaBridgeLibrary.ni.dll
2015-01-28 14:38 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-28 14:38 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-01-28 14:38 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-01-28 14:38 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2014-08-31 00:48 - 2014-06-04 14:17 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
2014-09-03 13:15 - 2014-09-03 13:15 - 10683392 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2014-09-03 13:15 - 2014-09-03 13:15 - 07741952 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2014-09-03 13:15 - 2014-09-03 13:15 - 02248192 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2014-09-03 13:15 - 2014-09-03 13:15 - 01681408 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-11-13 12:57 - 2014-11-13 12:57 - 00117248 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-11-13 12:57 - 2014-11-13 12:57 - 00231936 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-11-13 12:57 - 2014-11-13 12:57 - 00253440 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-11-13 12:57 - 2014-11-13 12:57 - 00344064 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-09-03 13:15 - 2014-09-03 13:15 - 00026624 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2015-01-28 14:38 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2011-02-24 01:29 - 2010-08-11 18:19 - 00056544 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2011-02-24 01:29 - 2010-08-11 18:19 - 00113888 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2011-02-24 01:29 - 2010-08-11 18:19 - 00126176 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2011-03-05 20:03 - 2011-03-05 20:03 - 00268064 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2011-03-05 20:03 - 2011-03-05 20:03 - 00020256 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll
2005-07-19 22:18 - 2005-07-19 22:18 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll
2011-03-05 20:03 - 2011-03-05 20:03 - 00346400 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
2011-03-05 20:03 - 2011-03-05 20:03 - 00124704 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
2011-03-05 20:03 - 2011-03-05 20:03 - 00175904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
2011-03-05 20:03 - 2011-03-05 20:03 - 00041760 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
2015-01-28 14:38 - 2014-12-10 09:14 - 01284896 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\Scan.dll
2014-08-30 23:48 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2014-08-30 23:48 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2014-08-30 23:48 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2014-10-16 17:48 - 2014-10-16 17:48 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2011-02-24 01:24 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\SF50 4-24.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\Tigger.jpeg:3or4kl4x13tuuug3Byamue2s4b

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DSUpdateLauncher => "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_63990A7A6D14639F8C595D19122B51CA => "C:\Users\Cassandra\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: Launcher => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
MSCONFIG\startupreg: STToasterLauncher => C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-637550786-695466938-1670476771-500 - Administrator - Disabled)
Cassandra (S-1-5-21-637550786-695466938-1670476771-1000 - Administrator - Enabled) => C:\Users\Cassandra
Guest (S-1-5-21-637550786-695466938-1670476771-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-637550786-695466938-1670476771-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2015 05:51:01 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/05/2015 05:51:01 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/05/2015 05:51:01 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/05/2015 05:47:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (02/05/2015 05:44:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (02/05/2015 05:41:03 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/05/2015 05:41:03 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/05/2015 05:40:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SoftwareUpdate.exe version 2.1.3.127 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f60

Start Time: 01d03fd799305792

Termination Time: 749

Application Path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

Report Id: bdc909d8-ad2b-11e4-a91b-b8ac6fe1f5e7

Error: (02/05/2015 00:36:59 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/04/2015 00:34:02 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (02/05/2015 05:48:41 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/05/2015 05:47:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (02/05/2015 05:45:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/05/2015 05:45:57 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (02/05/2015 05:45:57 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (02/05/2015 05:45:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/05/2015 05:45:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/05/2015 05:45:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/05/2015 05:45:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/05/2015 05:45:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-01-19 20:27:58.541
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-01-19 20:27:58.463
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-01-19 20:27:48.273
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-01-19 20:27:48.195
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-01-19 20:27:40.068
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-01-19 20:27:39.979
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-01-19 20:26:53.030
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-01-19 20:26:52.948
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-01-19 20:26:41.875
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-01-19 20:26:41.794
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 69%
Total physical RAM: 3036.98 MB
Available physical RAM: 920.05 MB
Total Pagefile: 6072.15 MB
Available Pagefile: 4016.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:454.84 GB) (Free:360.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C648A420)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#12 nasdaq

  • Malware Response Team

Posted 05 February 2015 - 11:16 AM

I missed some of the items in the HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot section in my last fix.

Let's try this.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Google Update) - C:\Users\Cassandra\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed] <==== ATTENTION
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed] <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\SF50 4-24.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\Tigger.jpeg:3or4kl4x13tuuug3Byamue2s4b
C:\Windows\system32\Drivers\cmwf.sys
C:\Windows\system32\Drivers\cmwr.sys
C:\Windows\SysWOW64\ColorMedia.dll
C:\Windows\system32\ColorMedia64.dll

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is it now?

#13 txjustin825

  • Topic Starter

Posted 05 February 2015 - 05:38 PM

Still the same... here is the fixlog.txt.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by Cassandra at 2015-02-05 16:33:46 Run:5
Running from C:\Users\Cassandra\Desktop
Loaded Profiles: Cassandra (Available profiles: Cassandra)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Google Update) - C:\Users\Cassandra\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed] <==== ATTENTION
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed] <==== ATTENTION[/b]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\sf-50 2014.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\SF50 4-24.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cassandra\Desktop\Tigger.jpeg:3or4kl4x13tuuug3Byamue2s4b
C:\Windows\system32\Drivers\cmwf.sys
C:\Windows\system32\Drivers\cmwr.sys
C:\Windows\SysWOW64\ColorMedia.dll
C:\Windows\system32\ColorMedia64.dll

End
*****************

Processes closed successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
Winsock: Catalog entry 000000000001 => Could not be deleted.
Winsock: Catalog entry 000000000002 => Could not be deleted.
Winsock: Catalog entry 000000000003 => Could not be deleted.
Winsock: Catalog entry 000000000004 => Could not be deleted.
Winsock: Catalog entry 000000000015 => Could not be deleted.
Winsock: Catalog entry 000000000001 => Could not be deleted.
Winsock: Catalog entry 000000000002 => Could not be deleted.
Winsock: Catalog entry 000000000003 => Could not be deleted.
Winsock: Catalog entry 000000000004 => Could not be deleted.
Winsock: Catalog entry 000000000015 => Could not be deleted.
C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll not found.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll not found.
C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll not found.
C:\Users\Cassandra\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll not found.
cmwf => Unable to stop service
cmwf => Error deleting Service
cmwr => Unable to stop service
cmwr => Error deleting Service
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => Key could not be deleted. Access denied.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => Key could not be deleted. Access denied.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => Key could not be deleted. Access denied.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => Key could not be deleted. Access denied.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => Key not found.
"C:\Users\Cassandra\Desktop\sf-50 2014.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Cassandra\Desktop\sf-50 2014.jpeg.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Cassandra\Desktop\SF50 4-24.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Cassandra\Desktop\Tigger.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
Could not move "C:\Windows\system32\Drivers\cmwf.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\cmwr.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\ColorMedia.dll" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\ColorMedia64.dll" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-05 16:35:49)<=

"C:\Windows\system32\Drivers\cmwf.sys" => File could not move.
"C:\Windows\system32\Drivers\cmwr.sys" => File could not move.
"C:\Windows\SysWOW64\ColorMedia.dll" => File could not move.
"C:\Windows\system32\ColorMedia64.dll" => File could not move.

==== End of Fixlog 16:35:49 ====

#14 nasdaq

  • Malware Response Team

Posted 06 February 2015 - 08:35 AM

I hate to go this way but it's all that I can suggest now.

Follow the instructions on this page.
http://www.spyware-techie.com/colormedia-dll-removal-guide

Keep me posted.

#15 txjustin825

  • Topic Starter

Posted 10 February 2015 - 06:33 AM

That fixed it. Thanks! No more issues.



